37657 Commits

Author SHA1 Message Date
Michael Niedermayer
b07c791252 huffyuvdec: Skip len==0 cases
Fixes vlc decoding for hypothetical files that would contain such cases.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f)

Conflicts:

	libavcodec/huffyuv.c
(cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-14 15:18:23 +01:00
Michael Niedermayer
ba4b57e802 huffyuvdec: Check init_vlc() return codes.
Prevents out of array writes

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc)

Conflicts:

	libavcodec/huffyuv.c
(cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-14 15:18:23 +01:00
Xi Wang
ef953f760e rtmp: fix buffer overflows in ff_amf_tag_contents()
A negative `size' will bypass FFMIN().  In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.

Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7962ea358c329de38c380103f8991b6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-14 15:18:23 +01:00
Xi Wang
69b3fedc09 rtmp: fix multiple broken overflow checks
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C.  Many compilers such as gcc/clang optimize such
checks away.

Use `size < 0 || size >= data_end - data' instead.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74d777a7dc20ac68f2393b9f84b790c1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-14 15:18:23 +01:00
Xi Wang
165f783235 rtpenc: fix overflow checking in avc_mp4_find_startcode()
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C.  Many compilers such as gcc/clang optimize
away this check.

Use `res > end - start' instead.  Also change `res' to unsigned int
to avoid signed left-shift overflow.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f014567cfd63e58156f60666f1a61ba147276ab)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-14 15:18:23 +01:00
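
Added example, not part of the commits listed here or of the FFmpeg source: a standalone C sketch of the three Xi Wang fixes above. It shows a negative signed size passing through a min() clamp, and the bounds checks rewritten as integer comparisons in the forms the commit messages give. MIN_OF is a stand-in for FFMIN, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for FFMIN, defined here so the block is self-contained. */
#define MIN_OF(a, b) ((a) > (b) ? (b) : (a))

/* Before: signed size. A negative value compares below the cap, so it
 * passes through the clamp unchanged; converted to size_t (as memcpy()
 * would receive it) it becomes a huge length. */
size_t copy_len_signed(int size, int cap)
{
    size = MIN_OF(size, cap);
    return (size_t)size;
}

/* After: unsigned size. The same bit pattern is now a large positive
 * value and the clamp reduces it to cap. */
size_t copy_len_unsigned(unsigned int size, unsigned int cap)
{
    size = MIN_OF(size, cap);
    return size;
}

/* Check in the form given for the rtmp fix:
 *   size < 0 || size >= data_end - data
 * Only integers are compared and data + size is never formed, so the
 * check does not rely on pointer wraparound (undefined behavior).
 * Returns 1 when the size is acceptable, 0 when it must be rejected. */
int size_in_bounds(const uint8_t *data, const uint8_t *data_end, int size)
{
    if (size < 0 || size >= data_end - data)
        return 0;
    return 1;
}

/* Check in the form given for the rtpenc fix: res > end - start, with
 * res unsigned. Assumes end >= start. */
int len_in_bounds(const uint8_t *start, const uint8_t *end, unsigned int res)
{
    return !(res > (size_t)(end - start));
}

int main(void)
{
    uint8_t buf[16] = {0};   /* constructed sample buffer */

    printf("signed clamp of -1:   %zu\n", copy_len_signed(-1, 16));
    printf("unsigned clamp of -1: %zu\n", copy_len_unsigned((unsigned int)-1, 16));
    printf("size -1 in bounds:    %d\n", size_in_bounds(buf, buf + 16, -1));
    printf("size 15 in bounds:    %d\n", size_in_bounds(buf, buf + 16, 15));
    printf("len 17 in bounds:     %d\n", len_in_bounds(buf, buf + 16, 17));
    return 0;
}
```
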
Carl Eugen Hoyos
7a21b089c2 sws: dont write out of array on bigendian
Fixes Ticket2229

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e2c63685e031e28d2296cff76473b963ee62ba1)
2013-02-14 14:42:41 +01:00
Michael Niedermayer
4d9bde86d0 ffmpeg: dont allow -flags to override -pass
Fixes Ticket2154

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ccf9dd00da055e94117b56cead4af80ff331b00e)

Conflicts:
	ffmpeg_opt.c
2013-02-06 10:23:45 +01:00
Carl Eugen Hoyos
4e869e7a5f matroskaenc: add codec_tag lists back.
This reverts 312645e :
"Do not set codec_tag property for matroska muxers."

Also adds dummy codec_tag lists with codecs
supported in mkv but not in wav / avi.

Fixes ticket #2169.
(cherry picked from commit df39c3ce385c02cbd8046298578ea7454c0a0f81)

Conflicts:
	libavformat/matroskaenc.c
2013-01-24 02:42:38 +01:00
Carl Eugen Hoyos
74b04e6a35 Fix detection of struct v4l2_frmsize_discrete.
It was always detected successfully.
(cherry picked from commit 91e016865cccc192f86d40ea93eb06cf0e7ba4a0)
2013-01-17 02:45:20 +01:00
Michael Niedermayer
492eb0aa14 Merge remote-tracking branch 'qatar/release/0.8' into release/0.10
* qatar/release/0.8:
  Update Changelog
  h264: check ref_count validity for num_ref_idx_active_override_flag
  h264: check context state before decoding slice data partitions
  oggdec: free the ogg streams on read_header failure
  oggdec: check memory allocation
  Fix uninitialized reads on malformed ogg files.
  rtsp: Recheck the reordering queue if getting a new packet
  opt: avoid segfault in av_opt_next() if the class does not have an option list
  alacdec: do not be too strict about the extradata size

Conflicts:
	Changelog

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 02:33:07 +01:00
Michael Niedermayer
c961ce969a Merge commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a' into release/0.10
* commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a':
  h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
  h264: check sps.log2_max_frame_num for validity
  h264: slice-mt: get last_pic_dropable from master context
  ppc: always use pic for shared libraries
  h264: error out on unset current_picture_ptr for h->current_slice > 0
  flashsv: make sure data for zlib priming is available
  h264: enable low delay only if no delayed frames were seen
  flashsv: check for keyframe before using differential coding
  lavf: avoid integer overflow in ff_compute_frame_duration()
  aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
  APIchanges: Fill in missing commit hashes

Conflicts:
	doc/APIchanges

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 02:20:20 +01:00
Michael Niedermayer
52cea9ce92 Merge commit '01a4e7f623a2e6dc95862f9a56c777f058d7bfaf' into release/0.10
* commit '01a4e7f623a2e6dc95862f9a56c777f058d7bfaf':
  lavf: Bump minor version to distinguish branch and master version numbers
  vp6: properly fail on unsupported feature
  mp3: properly forward mp_decode_frame errors
  mpeg12: do not decode extradata more than once.
  indeo3: when freeing buffers, set pointers referencing them to NULL as well
  indeo3: ensure that decoded cell data is in 7-bit range as presumed by decoder
  avconv: fix copying per-stream metadata.
  id3v2: fix reading unsynchronized frames.
  h264: Fix parameters to ff_er_add_slice() call
  build: fix 'clean' target

Conflicts:
	avconv.c
	libavcodec/mpeg12.h
	libavformat/id3v2.c
	libavformat/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 01:58:54 +01:00
Carl Eugen Hoyos
4fc22e85c0 Revert "x86: Require an assembler able to cope with AVX instructions"
This reverts commit e287201c77dc7a7a9759d56d8f48ae719b7e69a9.
2013-01-17 01:51:28 +01:00
Michael Niedermayer
ea3b68c99d Merge commit 'dcf8f259d107838ff3778343dcb762398130a1a3' into release/0.10
* commit 'dcf8f259d107838ff3778343dcb762398130a1a3':
  build: Add 'check' target to run all compile and test targets.
  Ignore generated aviocat tool.
  avconv: only apply presets when we have an encoder.
  flacenc: ensure the order is within the min/max range in LPC order search
  yuv4mpeg: reject unsupported codecs
  vp8: reset loopfilter delta values at keyframes.
  vp56: release frames on error
  vp56: make parse_header return standard error codes
  ivi_common: check that scan pattern is set before using it.
  Prepare for 0.8.5 Release
  x86: Require an assembler able to cope with AVX instructions

Conflicts:
	RELEASE
	avconv.c
	doc/developer.texi
	libavformat/yuv4mpeg.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 01:29:26 +01:00
Reinhard Tartler
cf2cab5b2a Update Changelog
2013-01-12 17:59:41 +01:00
Janne Grunau
adef01c370 h264: check ref_count validity for num_ref_idx_active_override_flag
Fixes segfault in the fuzzed sample bipbop234.ts_s226407.
CC: libav-stable@libav.org
(cherry-picked from commit 6e5cdf26281945ddea3aaf5eca4d127791f23ca8)
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2013-01-12 17:59:41 +01:00
Janne Grunau
06312bbb10 h264: check context state before decoding slice data partitions
Fixes mov_h264_aac__Demo_FlagOfOurFathers.mov.SIGSEGV.4e9.656.

Found-by: Mateusz "j00ru" Jurczyk
CC: libav-stable@libav.org
(cherry-picked from commit c1fcf563b13051f280db169ba41c6a1b21b25e08)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:41 +01:00
Luca Barbato
03fec31cd7 oggdec: free the ogg streams on read_header failure
Plug an annoying memory leak on broken files.
(cherry picked from commit 89b51b570daa80e6e3790fcd449fe61fc5574e07)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 42bd6d9cf681306d14c92af97a40116fe4eb2522)

Conflicts:

	libavformat/oggdec.c
2013-01-12 17:59:41 +01:00
Luca Barbato
6eebba08e1 oggdec: check memory allocation
(cherry picked from commit ba064ebe48376e199f353ef0b335ed8a39c638c5)

Conflicts:

	libavformat/oggdec.c
2013-01-12 17:59:41 +01:00
Victor Lopez
a335ffd7f4 h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
Fixes bug 396.

CC: libav-stable@libav.org
(cherry picked from commit 1c8bf3bfed5ff5c504c8e3de96188a977f67cce0)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Dale Curtis
9ded14fcb8 Fix uninitialized reads on malformed ogg files.
The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes, which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
f620c12067 h264: check sps.log2_max_frame_num for validity
Fixes infinite or long taking loop in frame num gap code in
the fuzzed sample bipbop234.ts_s223302.

CC: libav-stable@libav.org
(cherry picked from commit d7d6efe42b0d2057e67999b96b9a391f533d2333)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Martin Storsjö
d1d329932f rtsp: Recheck the reordering queue if getting a new packet
If we timed out and consumed a packet from the reordering queue,
but didn't return a packet to the caller, recheck the queue status.
Otherwise, we could end up in an infinite loop, trying to consume
a queued packet that has already been consumed.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8729698d50739524665090e083d1bfdf28235724)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
1d98811b95 h264: slice-mt: get last_pic_dropable from master context
Fixes fate-h264-conformance-cvnlfi2_sony_h and smllwebdl.mkv from
https://github.com/OpenELEC/OpenELEC.tv/issues/1557 .

CC: libav-stable@libav.org
(cherry picked from commit a8cb1746c5b6307b2e820f965a7da8d907893b38)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Justin Ruggles
dfb7a638e6 opt: avoid segfault in av_opt_next() if the class does not have an option list
CC: libav-stable@libav.org
(cherry picked from commit d02202e08a994c6c80f0256ae756698541b59902)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Luca Barbato
6b70965f39 ppc: always use pic for shared libraries
CC: libav-stable@libav.org
(cherry picked from commit 1944d532a8a1c4b12222f0acfeb1153630dbc996)

Conflicts:

	configure
2013-01-12 17:59:40 +01:00
Justin Ruggles
77e6676d3e alacdec: do not be too strict about the extradata size
Sometimes the extradata has duplicate atoms, but that shouldn't prevent
decoding. Just ensure that it is at least 36 bytes as a sanity check.

CC: libav-stable@libav.org
(cherry picked from commit 68a04b0ccee66f57516e129dd3ec457fd50b4bec)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
f1b3cc02ec h264: error out on unset current_picture_ptr for h->current_slice > 0
Fixes a segfault with fuzzed sample sample_varPAR_s11622_r001-02.avi.

CC: libav-stable@libav.org
(cherry picked from commit 0b300daad2f5cb59a7c06dde5ac701685e6edf16)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
b6592b402c flashsv: make sure data for zlib priming is available
Fixes a segfault in the fuzzed sample resolutionchange.flv_s314809.

CC: libav-stable@libav.org
(cherry picked from commit 3ae69b91668e3d9b65af4007eb5871397cf0b0ab)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
6cd92c3880 h264: enable low delay only if no delayed frames were seen
Dropping frames is undesirable but that is the only way by which the
decoder could return to low delay mode. Instead emit a warning and
continue with delayed frames.
Fixes a crash in fuzzed sample nasa-8s2.ts_s20033 caused by a larger
than expected has_b_frames value. Low delay keeps getting re-enabled
from a presumably broken SPS.

CC: libav-stable@libav.org
(cherry picked from commit 706acb558a38eba633056773280155d66c2f4b24)

Conflicts:

	libavcodec/h264.c
2013-01-12 17:59:40 +01:00
Janne Grunau
522e97bd9e flashsv: check for keyframe before using differential coding
Fixes a segfault in the fuzzed sample resolutionchange.flv_s211713.

CC: libav-stable@libav.org
(cherry picked from commit 5ae72f54532960cb9eae82a1c9e8d505106c022b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:39 +01:00
Janne Grunau
d282e5ce72 lavf: avoid integer overflow in ff_compute_frame_duration()
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.

CC: libav-stable@libav.org
(cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:39 +01:00
Alex Converse
a4a63bf5b5 aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
Found-by: pawlkt
CC: libav-stable@libav.org
Fixes: CVE-2012-5144
(cherry picked from commit 6d5b0092678b2a95dfe209a207550bd2fe9ef646)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:39 +01:00
Diego Biurrun
01a4e7f623 lavf: Bump minor version to distinguish branch and master version numbers
This enables checking for an API version not present in master that
has avformat_get_riff_video_tags() and avformat_get_riff_audio_tags().
2013-01-10 20:51:45 +01:00
Diego Biurrun
bb35a42e93 APIchanges: Fill in missing commit hashes
2013-01-10 20:51:45 +01:00
Piotr Bandurski
fe0e64ca64 tiffdec: Use the correct height field.
Fixes Ticket913

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4784a135b2b0fe4d1b4c6256bd37265fc45aed3d)

Conflicts:
	libavcodec/tiff.c
2013-01-07 00:34:31 +01:00
Luca Barbato
3e700cc66b vp6: properly fail on unsupported feature
Interlacing is not supported at all and mismanaged down the normal
codepaths causing possible buffer management issues.

Fixes: CVE-2012-2783
(cherry picked from commit be75fed9755c1285ba084574aff2d7ee0f81110d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 12:02:22 +01:00
Luca Barbato
a5290800f5 mp3: properly forward mp_decode_frame errors
The function can return either a parsing error or a memory management
error.

Fixes: CVE-2012-2797

(cherry picked from commit 9ab0874ea8b6774c6f5470dba2b5b4615a610d0d)

Conflicts:

	libavcodec/mpegaudiodec.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 11:49:25 +01:00
Anton Khirnov
56c1e18a52 mpeg12: do not decode extradata more than once.
Fixes CVE-2012-2803.

CC: libav-stable@libav.org
(cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2)

Conflicts:

	libavcodec/mpeg12.c
2013-01-05 00:35:58 +01:00
Kostya Shishkov
c55ca98769 indeo3: when freeing buffers, set pointers referencing them to NULL as well
Related to CVE-2012-2804
(cherry picked from commit bc00da27010ed9e5dbe47e5b6fae3dcddb999d78)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:27:34 +01:00
Kostya Shishkov
e5ea6539d4 indeo3: ensure that decoded cell data is in 7-bit range as presumed by decoder
Related to CVE-2012-2804
(cherry picked from commit fc417db3f162d5269c0d22f8e467da4afa67c20a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:26:25 +01:00
Anton Khirnov
f65ec488a9 avconv: fix copying per-stream metadata.
It is handled separately from other types because it uses stream
specifiers and currently that triggers an assert in SET_DICT.

(cherry picked from commit 4632abc7a3a64b23c243b21cae7a08e5af92231e)

Conflicts:

	avconv_opt.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:25:31 +01:00
Anton Khirnov
3750104e9d id3v2: fix reading unsynchronized frames.
Current code would incorrectly process e.g. 'ff 00 ff 00 ff' to
'ff ff ff', while it should be 'ff ff 00 ff'.

Fixes Bug 395.

CC: libav-stable@libav.org
(cherry picked from commit 9ae80e6a9cefcab61e867256ba19ef78a4bfe0cb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:25:31 +01:00
Janne Grunau
52adbc0e17 h264: Fix parameters to ff_er_add_slice() call
s->mb_x is reset to zero a couple of lines above. It does not make
sense to call ff_er_add_slice() with 0 as endx when the end of the
macroblock row was reached. Fixes unnecessary and counterproductive
error resilience in https://bugzilla.libav.org/show_bug.cgi?id=394.

(cherry picked from commit e6160bda98641b7d4f86de15761ad2a962f21a36)

Conflicts:

	libavcodec/h264.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:25:31 +01:00
Diego Biurrun
26b177b8f7 build: fix 'clean' target
This fixes removal of TOOLS as well as HOSTPROGS declared in the
top-level Makefile.  The clean target in common.mak needs to be
eval'd since the variables used within are reset for each library.

(cherry picked from commit 395c3feb3bb165af5760d287a9a64344b6269fe2)

Conflicts:

	common.mak
	library.mak

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2013-01-03 15:30:45 +01:00
Diego Biurrun
dcf8f259d1 build: Add 'check' target to run all compile and test targets.
(cherry picked from commit 4982e1ddfaff5287e05b95957f3c56901d60b56a)

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2013-01-03 15:21:39 +01:00
Diego Biurrun
576834b08e Ignore generated aviocat tool.
(cherry picked from commit 50639cbefef8cc9f3df19241be7cf23cde8313b7)

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2013-01-03 15:20:12 +01:00
Anton Khirnov
50b8e4c8fd avconv: only apply presets when we have an encoder.
Fixes a crash when using a preset with stream copy.
(cherry picked from commit 4e61a38aa038b7027c5ed423635168d463515d24)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:55:27 +01:00
Justin Ruggles
0ba0e31955 flacenc: ensure the order is within the min/max range in LPC order search
This fixes use of uninitialized values when the FLAC encoder uses the
2-level, 4-level, and 8-level search methods. Fixes failure of the
fate-flac-24-comp-8 test when run using valgrind.
(cherry picked from commit 3a2731cbd31d0c5681ddbc7c78edd5c53c4d0032)

Conflicts:

	libavcodec/flacenc.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:44:31 +01:00
Luca Barbato
abe345251a yuv4mpeg: reject unsupported codecs
The muxer already rejects unsupported pixel formats, reject also
unsupported codecs to prevent dangerous misuses.
(cherry picked from commit 424b1e764263b1493de4c34365ef367ddae856db)

Conflicts:

	libavformat/yuv4mpeg.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:34:08 +01:00